b'OFFICE OF INSPECTOR GENERAL\n                     Audit Report\nAudit of the General and Application Controls in the\nRailroad Retirement Board\xe2\x80\x99s Financial Management\n                Information System\n\n\n        This abstract summarizes the results of the subject audit.\n        The full report includes information protected from disclosure\n        and has been designated for limited distribution pursuant to\n        5 U.S.C. \xc2\xa7 552\n\n\n\n\n                        Report No. 14-06\n                         May 06, 2014\n\n\n\n\n   RAILROAD RETIREMENT BOARD\n\x0c                                REPORT ABSTRACT\n                 Audit of the General and Application Controls in the\n       Railroad Retirement Board\xe2\x80\x99s Financial Management Information System\n\n\nThe Office of Inspector General for the Railroad Retirement Board (RRB) conducted an\naudit of the general and application controls in the RRB\xe2\x80\x99s financial management\ninformation system. The objective of our audit was to assess the adequacy of the\ncontrols.\n\nFindings\n\nOur audit determined that control deficiencies exist for the general and application\ncontrols in the financial management information system at the RRB. Controls need to\nbe strengthened for physical access, logical application access, system development,\nand for the system of record notices. Specifically, we determined that:\n\n   \xe2\x80\xa2    Physical access control systems need updates.\n   \xe2\x80\xa2    Physical access privileges need to be appropriate.\n   \xe2\x80\xa2    Physical access tokens need to be safeguarded.\n   \xe2\x80\xa2    Personnel exit procedures need to be consistently performed.\n   \xe2\x80\xa2    Physical security training is needed.\n   \xe2\x80\xa2    Physical security management documentation is needed.\n   \xe2\x80\xa2    Supporting documentation is needed for logical access privileges granted.\n   \xe2\x80\xa2    Logical access security table changes need monitoring.\n   \xe2\x80\xa2    Certain types of systems development need monitoring.\n   \xe2\x80\xa2    Supporting documentation is needed for emergency program changes.\n   \xe2\x80\xa2    System of Records Notices need to be updated.\n\nRecommendations\n\nIn total, we made 25 detailed recommendations to RRB management in order to\nstrengthen the control deficiencies related to physical access, logical application\naccess, system development, and system of record notices.\n\nManagement\xe2\x80\x99s Responses\n\nAgency Management concurs with all recommendations.\n\x0c'